Operating Procedures
PRELIMINARY DRAFT
February 2018

Table of Contents
Preface
Mandatory Procedures
Licensing of This Document
References
Technical Procedures
Commissioning a New Virtual Machine
Commissioning a New Server
Decommissioning a Virtual Machine
Decommissioning a Server
Password Policy
Programs and Services
Creating a New Foundation Program or Service
Discontinuing a Foundation Program or Service
Meetings
Proposing Items
Annual and Quarterly Meetings
Payments and Donations
Donations
Unrelated Business Income
General Payments
Reimbursements
Improper Payments
Embezzlement
Unjust Enrichment
Code of Conduct
Deliberate Misgendering
Unsafe or Unfriendly Environment
Sexual Harassment

Preface
This manual is designed to create a uniform set of operating procedures for the
Interlinked Foundation. The goals of this manual are:

• Assisting in the coordination and inventory of assets
• Ensuring foundation funds are well spent and reducing waste
• Maintaining compliance with all local, state, and federal regulations
• Guaranteeing a degree of transparency
• Keeping the foundation organised as it grows
• Providing a guide for new key people
• Acting as a how-to for those who do not know how to do something

Coordination between different people within the foundation is essential to the mission;
however, excessive regulation and bureaucracy are often counterproductive to agility.
Therefore, this manual aims to maintain a balance between order and freedom.

Some procedures outlined in this manual are optional, while others are mandatory.
Assume a procedure is optional unless it is noted as mandatory or common sense
dictates otherwise. However, it is highly recommended to follow these procedures in any
case.

Uncertainty, unique situations not anticipated, and even self-contradictions are all
guaranteed to happen in life. Foundation business is no different. Let common sense be
your guide throughout. If you are ever uncertain what to do, consulting a board member
is the best course of action. If a board member is unavailable, or it's a minor detail,
simply do what you think is best. It is very rare someone will be penalised for doing what
made sense at the time, so long as it was not in malice.

It is not intended that this book be read at once, although it is fully intended to be usable
in such a fashion. Rather, it has been designed as an occasional reference and aid.

Any ideas on how to improve this manual are always welcome.

Mandatory Procedures
All mandatory procedures apply to everyone equally, from the president to the volunteer.
It is a fundamental principle of the organisation that no one is above the rules. Many of
them are there for a very good reason, whether the law commands it, ethical obligations
demand it, or good corporate governance requires it.

That is not to say that mandatory procedures are beyond reproach; discussion of any
mandatory item is welcome.

Licensing of This Document
This manual is copyright of the Interlinked Foundation.

This work is licensed under a Creative Commons Attribution 4.0 International License.

The Interlinked Foundation retains all trademark rights to its name and logo. Derivatives
must not use these trademarks without express permission of the Interlinked
Foundation.

References
This document references:

• The Interlinked Foundation Bylaws ("bylaws")
• The official documents git repository ("documents repo")
• The Interlinked Code Syndicate ("foxkit.us")
• The Interlinked Website ("website")

Technical Procedures
As the Interlinked Foundation is predominantly an Internet-based organisation, the need
for technical procedures is paramount.

The foundation has a large number of servers and supporting infrastructure, more than
many people realise. The foundation operates an IRC network, XMPP server, Minecraft
server, and code forge, just to name a few things. Management and inventory of the
existing infrastructure is an ongoing challenge for the foundation. In addition,
future-proofing is needed to ensure the foundation can manage its infrastructure
effectively as it grows.

These procedures are designed to ensure it all works smoothly whilst keeping burdens
low.

Commissioning a New Virtual Machine
Note: When speaking of a virtual machine in this section, we speak of one
hosted on our own infrastructure.

All of the outlined procedures are mandatory.


The foundation uses virtual machines to reduce the total cost of segregating services
and ensuring security. When commissioning any kind of virtual machine, it is absolutely
vital that it be in furtherance of the foundation's mission (Bylaws Art. II). It is also vital
that the virtual machine not cause undue burden on the limited resources of the
foundation.

Virtual machines typically do not cost the foundation anything, and notifying the
treasurer is typically not required.

The technical means for creation of the virtual machine and its configuration are outside
the scope of this document.

The procedure is as follows:

• Consult a board officer or the technical committee chair to determine if this virtual
machine is actually required; be prepared to offer justification
• Determine where the machine will be located and ensure the host has the resources
required to host the virtual machine (disk space, RAM, etc.)
• Locate the host server's spreadsheet in the Servers folder of the documents repo
• Add an entry for the server, including any IP addresses you have used, and relevant
hostnames (if used)
• The name of the server should be related to its function, unless it is for internal
purposes
• Ask a board officer or technical committee chair to add the requisite DNS entry for
the relevant domain or subdomain, if necessary
• Give the credentials to a board officer for addition to password storage in Vault

Commissioning a New Server
Note: When speaking of a server in this section, we speak of a physical server
or third-party virtual machine.

All of the outlined procedures are mandatory.

It is sometimes necessary to commission a new server outside foundation
infrastructure, whether as a new virtual machine host, for redundancy, or for increased
security. This is not a decision to be taken lightly, as the cost of a physical server to
the foundation is often very large. It is absolutely vital that the reason for its creation
further the foundation's mission in some way (Bylaws Art. II).

The foundation does not presently possess rack space of its own, and therefore must
purchase dedicated servers from third-party providers for all physical servers.

Configuration of the server is outside the scope of this document.


The procedure is as follows:

• Consult a board officer or the technical committee chair to determine if this server
is truly required; be prepared to offer justification
• Large or expensive servers must be approved by the technical committee
• Selection of a provider should prefer existing providers, unless this server is for
redundancy
• Consult with the treasurer for payments for the server
• If the server requires multiple IP addresses, ensure they are configured
• Ensure automatic payments are set up
• Create a spreadsheet for the server in Servers in the documents repo if it is a
physical host, otherwise add it to the third-party virtual machine spreadsheet
• Note in the sheet the name of the server, any IP blocks, its function, and relevant
hostnames (if used)
• The name of the server should be related to its function, unless it is for internal
purposes
• Ask a board officer or technical committee chair to add the requisite DNS entry for
the relevant domain or subdomain, if necessary
• Give the credentials to a board officer for addition to password storage in Vault

Decommissioning a Virtual Machine
Note: When speaking of a virtual machine in this section, we speak of one
hosted on our own infrastructure.

All of the outlined procedures are mandatory.

When decommissioning a virtual machine, it is vital the removal be recorded. The
procedure is greatly simplified over creation, as it involves deallocation of resources
rather than allocation.

The technical means for destruction of the virtual machine are outside the scope of this
document.

The procedure is as follows:

• Consult a board member or the technical committee chair to determine if
decommissioning is prudent
• Destroy the virtual machine
• All data must be securely erased, if sensitive
• Locate the host server's spreadsheet in the Servers folder of the documents repo
• Delete the virtual machine from the spreadsheet
• Ask a board officer or technical committee chair to remove the requisite DNS entry
for the relevant domain or subdomain, if necessary
• Inform a board officer once destruction is complete, if not already done

Decommissioning a Server
Note: When speaking of a server in this section, we speak of a physical server
or third-party virtual machine.

All of the outlined procedures are mandatory.

When decommissioning a server, it is vital the removal be recorded. The procedure is
greatly simplified over creation, as it involves deallocation of resources rather than
allocation.

The technical means for decommissioning of the server are beyond the scope of this
document.

The procedure is as follows:

• Consult a board member or the technical committee chair, or the technical
committee itself if it is a major server, to determine if decommissioning is prudent
• Notify the treasurer the server is being decommissioned and payments for it will
cease, and notify the treasurer of any final payments due at this time
• If the server contains virtual machines, ensure they are migrated elsewhere before
attempting to move the server; make a note of each virtual machine requiring
migration, and migrate them one by one
• All data must be securely erased, if sensitive
• Settle all final bills for the server with the provider
• Remove the spreadsheet for the server in Servers in the documents repo if it is a
physical host, otherwise remove it from the third-party virtual machine spreadsheet
• Ask a board officer or technical committee chair to remove the requisite DNS entry
for the relevant domain or subdomain, if necessary
• Inform a board officer once destruction is complete, if not already done

Password Policy
Note: All of the outlined procedures are mandatory and are vital to the security of
foundation assets.

Passwords are stored in a program known as Vault. It encrypts credentials with a 3-part
key that requires no fewer than two board officers to unseal. Only board officers have
access to this vault.

Retention
Passwords are not to be retained by anyone (for example, saved in a browser's form
storage). The only place passwords should be permanently stored is in Vault, or in
secure correspondence to the authorised user.

Storing Passwords
All usernames and passwords are to be stored in Vault without exception. The vault
must be resealed after passwords are stored.

Generating Passwords
All passwords must be randomly and securely generated, and no fewer than 16
characters in length. Mixed-case, numbers, and symbols are required. If a service
requires a less-secure password, make note of that to a board officer.
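
The following is an added example, not part of the foundation's manual, showing one way to generate and check a password against the rule above; the function names and the 24-character default are assumptions. It draws every character from the operating system's secure random source and rejects candidates that miss a required class, so the result stays uniformly random among compliant passwords.

```python
import math
import secrets
import string

# Character classes the policy requires: mixed case, numbers, and symbols.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}
ALPHABET = "".join(CLASSES.values())
MIN_LENGTH = 16  # policy minimum length


def policy_violations(password):
    """Return a list of policy failures; an empty list means compliant."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            problems.append(f"missing {name} character")
    return problems


def generate_password(length=24):
    """Generate a compliant password using the OS CSPRNG.

    Whole candidates are redrawn until all classes are present. Forcing one
    character per class into fixed slots would skew the distribution; this
    rejection approach does not.
    """
    if length < MIN_LENGTH:
        raise ValueError(f"policy requires at least {MIN_LENGTH} characters")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not policy_violations(candidate):
            return candidate


def entropy_bits(length):
    """Upper bound on entropy for a password of this length, in bits."""
    return length * math.log2(len(ALPHABET))


if __name__ == "__main__":
    pw = generate_password()
    print(pw, f"(~{entropy_bits(len(pw)):.0f} bits)")
```
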

When An Officer Or Other Person Leaves
Passwords must be changed after a board officer leaves the foundation. When any
other person leaves the foundation, ensure all passwords they have had access to are
changed.

Retrieving Passwords
Passwords may be retrieved from the vault only with the agreement of two board
officers. Two will usually be around, so this is not a severe impediment. Please state
your reason for requiring the password.

Programs and Services
The Interlinked Foundation's goal is to foster and create Internet communities that are
safe from harassment and discrimination (Bylaws Art. II and XIII). This goal is
accomplished through a variety of programs and services offered by the foundation.

Creating a New Foundation Program or Service
Note: These procedures are required except in emergency circumstances.

The foundation operates a variety of online services in the public interest. Before
creating a new service, ensure it meets our mission and the code of conduct will be
enforced (Bylaws Art. II and XII).

When making any for-fee service, the foundation must be mindful of the IRS's unrelated
business income rules. All services offered by the foundation must meet these
guidelines to avoid excise taxes on this income. These guidelines are beyond the scope
of this document, but the IRS offers a short online course on what exactly constitutes
unrelated business income. Before proposing any for-fee service, please familiarise
yourself with these rules.

Preparations for the proposal
When creating a proposal, ensure you have the following ready:

• A plan for management of the service
• What value this service brings to the foundation
• Who the anticipated user base is, and what size it will be, if possible
• What technical resources are required to create this service
• Anticipated costs to the foundation, if any
• (Optional) Who will manage and moderate the service
• (Optional) Projected donation income from the service

Procedure
The procedure for creating a new service is as follows:

• Make your proposal to the secretary for discussion at the next meeting
• The board will approve the proposal as a whole
• If approved, talk to the treasurer to arrange payment for the service, if any
• Follow the relevant procedures for creating servers
• Once set up, inform the board you have created the service
• If relevant, create any documentation for the service in the documents repo
• If you are managing the service, be prepared to create progress reports on the
service, including the size of the user base, and any problems encountered

Discontinuing a Foundation Program or Service
Note: These procedures are required except in emergency circumstances.

If a service has ceased to provide public benefit, is causing unrelated business income
issues, or no longer accomplishes our mission, discontinuing the service is likely prudent.

Before discontinuing, see if spinning out the service is a possible way to save it. If
spinning out will save the service, an orderly transfer of assets (which will be handled on
a case-by-case basis) and liabilities out of the foundation is in order.

Preparations for the proposal
When creating a proposal, ensure you have the following ready:

• An estimate of how many users will be affected by discontinuation of the service
• A plan for succession of the service, if any
• Where applicable: the cost of decommissioning, expected savings, and anticipated
loss of donation income
• What technical resources will be deallocated and how any excess resources can
be used elsewhere

Procedure
The procedure for discontinuing a service is as follows:

• Make your proposal to the secretary for discussion at the next meeting
• The board will approve the proposal as a whole
• If approved, talk to the treasurer about finalising bills and noting stopped payments
• Announce the decommissioning to the users of the service (if any), recommend
alternatives, and wait at least 30 days if possible
• Follow the relevant procedures for decommissioning servers, or transfer the assets
elsewhere as outlined in your plan
• If relevant, destroy or archive any documentation in the documents repo
• Set up any night-light pages outlining the service's discontinuation, if applicable
• Once discontinuation is complete, notify the board


Meetings
See also: Bylaws, Article IV, V, and VI

Meetings are how foundation business gets done formally, and how major decisions are
made. Decisions are generally made by the Board of Trustees, or relevant committees
(Bylaws Art. IV § 1, Bylaws Art. VI).

When attending a meeting, it's a good idea to familiarise yourself with parliamentary
procedure.

Proposing Items
Anyone may propose items to the secretary in advance or propose items at a meeting
(Bylaws Art. III § 3, Bylaws Art. V § 3). It is preferable to notify the secretary in advance.

Annual and Quarterly Meetings
Quarterly and annual meetings are required by the foundation's bylaws (Bylaws Art. IV §
3). If a special meeting is to be held, the president of the board of trustees or any two
members may request it (Bylaws Art. IV § 4).

Notice must be given of all meetings, unless such notice is declined by the trustee
(Bylaws Art. IV § 5). The secretary must send notices to all members and members of
the Board of Trustees for each meeting (Bylaws Art. IV § 5). If you have not received
notice of any meeting, consult with the secretary.

All meetings must have a quorum of a simple majority present (Bylaws Art. IV § 6).

Payments and Donations
Note: Everything in this chapter is mandatory.

The treasurer or authorised board officers are generally in charge of all payments
(Bylaws Art. V). Thus, all payments must be cleared through them.

Donations
It's the law: except for de minimis donations, donors must receive an acknowledgement
letter on corporate letterhead thanking them for their donation and the amount they
donated.

They cannot receive a deduction without this notice; if they get audited, they will need
this letter of acknowledgement.

If anything aside from de minimis items valued under $10 was given to the donor for this
donation (a quid pro quo transaction), it must be recorded in this letter; if nothing or a de
minimis item was given to the donor in exchange, "Nothing was received in exchange
for this contribution" or similar wording is required.

Fines may be imposed on the organisation if compliance is not maintained.


Unrelated Business Income
To maintain compliance with IRS regulations, all unrelated business income must be
filed with the IRS, and taxes paid. If any unrelated business income (income not related
to our mission) is received, notify the treasurer immediately.

All sources of unrelated business income should be spun out of the organisation.

General Payments
All payments made by the foundation must be accounted for in the relevant Accounting
spreadsheet in the documents repo. Notify the treasurer of all payments made,
including recurring payments.

Reimbursements
If you have made a payment on behalf of the foundation, you are legally entitled to full
reimbursement. Consult the treasurer to be reimbursed.

Improper Payments
If an improper payment (a payment by mistake, or to the wrong party, or for an
excessive amount) has been made, consult the treasurer immediately. Keep all receipts
and relevant documentation for the payment, and explain how this occurred.

Embezzlement
Embezzlement is defined as "theft or misappropriation of funds placed in one's trust."
This is a serious crime that carries stiff legal penalties. If you suspect embezzlement of
foundation funds, notify a board officer immediately. Do not confront the suspected
embezzler yourself.

A board officer must confront the suspected embezzler and demand a reasonable
explanation for the missing funds; if none is forthcoming, and the funds are not returned,
law enforcement must be contacted. Retain any and all evidence of the embezzlement.

If embezzlement is proven, the board may vote to expel the member or officer.

Unjust Enrichment
The IRS defines the inurement (personal benefit) prohibition as "[forbidding] the use of
the income or assets of a tax-exempt organisation to directly or indirectly unduly benefit
an individual or other person that has a close relationship with the organisation or is
able to exercise significant control over the organisation." It is illegal to use foundation
funds to benefit yourself in any way, and against the organisation's bylaws (Bylaws Art.
II).

It is natural, of course, that unintentional enrichment may happen by mistake
(such as accidentally using the company card to buy yourself dinner). When this occurs,
promptly reimburse the foundation for the amount you have taken. However, if a pattern
of this continues, you may face dismissal.

The foundation cannot and will not give personal loans or credit to anyone under any
circumstances. The foundation's money is also not to be used for your personal
convenience.

Code of Conduct
The code of conduct is binding upon all members (Bylaws Art. XIII). Any violations of the
code of conduct must be reported to the president or vice president.

The board may impose sanctions upon any member found to be in violation of the code
of conduct.

Deliberate Misgendering
It is your right as a foundation member to have your pronouns and gender identity
respected at all times by other foundation members (Bylaws Art. III § 5, Art. XIII). If you
believe someone has misgendered you in malice, or repeatedly does so in a harassing
fashion, consult the vice president or president immediately.

Unsafe or Unfriendly Environment
Note: Threats of bodily harm and harassment are a crime. Legal penalties are
possible for harassment, as well as civil lawsuits.

It is expected that a safe, respectful, friendly, and cordial atmosphere be maintained at
all times in the foundation (Bylaws Art. XIII). Patterns of passive-aggressiveness,
rudeness, harassment, bullying, untrue rumours, or any other such behaviour will not be
tolerated and will be dealt with appropriately. The foundation has no place for
machismo, cattiness, or excessive ego.

Confrontation or fighting will not be tolerated. Leave your disputes at the door.

If you have seen or you are the victim of any such behaviour, report it to the vice
president or president.

Sexual Harassment
Note: Sexual harassment is a crime. Legal penalties are severe for sexual
harassment, and civil lawsuits are possible.

Even as an Internet-based organisation, the Interlinked Foundation has a zero-tolerance
policy for sexual harassment, even in textual form. Any such incidents will be
forwarded to the police, and the perpetrator will be immediately dismissed.

Respect the boundaries of others at all times. It's the right thing to do.

